FKIE_CVE-2021-27420
Vulnerability from fkie_nvd - Published: 2022-03-23 20:15 - Updated: 2024-11-21 05:57
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 | Mitigation, Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.gegridsolutions.com/Passport/Login.aspx | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02 | Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.gegridsolutions.com/Passport/Login.aspx | Permissions Required, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_b30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "971B98BB-125D-4D3F-8B54-09C6ECBEFC46",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_b30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEAC84B-ED36-4D41-8CDC-84B30294667F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_b90_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0DD7078-54B7-4908-B041-C389601FFE54",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_b90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F9FE28C-1F33-4ECA-9004-B46912A1D8D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_c60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A9D29A9-8351-48E0-BFCF-21945F586C51",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_c60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F14E4B7C-E38E-4877-9EB6-BE496CFBB8D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_c70_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AEDFEAA-FF6B-40AE-988D-96B37E6F7A15",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_c70:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F2E81E6-B718-4809-8D30-3074B0FB7239",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_c95_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A8BC17-2B8A-4FCD-AED4-D60DBFA2CCAC",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_c95:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD919B5-753E-40A8-8B14-BD0BA28386C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_d30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3506446-AF0D-4AC4-8C0A-5616D27C267B",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_d30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9226C470-365B-4CFF-B1FF-326EA82E9C16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_d60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E5D2F8-AA89-44E3-9316-E28357E525D8",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_d60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFC93A6-7FAB-4057-A962-6A9C8F0FD3DA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_f35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C86C0AEE-795B-45B1-A917-00A355EC25CD",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_f35:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B66B913C-6D8A-4B5E-92AF-0ABE67195C47",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_f60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D151332D-37C7-4F7B-A30E-EB7F927B905D",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_f60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "313C6A1D-B50A-40C5-8553-68F21DFEDDDC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_g30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E9423B-F49D-4AF7-8275-3216D615F279",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_g30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC9965C1-9B3C-4B8A-8643-43678B5A6643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_g60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2447F208-815E-44D2-91BC-7BFCFC85C977",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_g60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20A13929-C8B5-49E0-9F5C-EA443413C584",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_l30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE2725C-8778-479D-8743-F62B5763931D",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_l30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF00D002-3C82-47B1-B585-DB91F33CEECC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_l60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34B1A2B8-B43B-4CCD-886A-0487C09E5279",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_l60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F716F53-3AC6-41C6-A894-9712A8AFE58C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_l90_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58A5CD1D-27C0-4D14-9FBE-A8C74BD9737B",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_l90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFF5085-6713-41FA-93D5-65AE4C8F8AD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_m60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B3453A-1B71-4ADD-8AC3-5D5436EAD879",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_m60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5431E320-7E3A-4BD3-B33A-3345CF20B20D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_n60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80DE8022-6349-4E53-B97B-AFAD1685E40E",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_n60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2217A440-FADD-40ED-A933-F3DBCF36E116",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_t35_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51F57944-8FDB-4541-A6ED-BF6D40916786",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_t35:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B7B0753-62C7-4972-AD22-FC3E31A5218F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_t60_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B97E0654-4407-48CE-BC07-E2385E86B65A",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_t60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E75BD31-3057-42F4-BD1B-C68C797F39DF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ge:multilin_c30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10F68AE0-E4FC-4357-A619-B0B990FDC708",
"versionEndExcluding": "8.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ge:multilin_c30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "314AA92C-5B56-475A-B65F-CF597CEBFB38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GE UR firmware versions prior to version 8.1x web server task does not properly handle receipt of unsupported HTTP verbs, resulting in the web server becoming temporarily unresponsive after receiving a series of unsupported HTTP requests. When unresponsive, the web server is inaccessible. By itself, this is not particularly significant as the relay remains effective in all other functionality and communication channels."
},
{
"lang": "es",
"value": "GE UR versiones de firmware anteriores a versi\u00f3n 8.1x, de la tarea del servidor web no manejan apropiadamente la recepci\u00f3n de verbos HTTP no admitidos, resultando en que el servidor web deje de responder temporalmente tras recibir una serie de peticiones HTTP no admitidas. Cuando no responde, el servidor web es inaccesible. Por s\u00ed mismo, esto no es particularmente significativo, ya que el rel\u00e9 sigue siendo efectivo en todas las dem\u00e1s funcionalidades y canales de comunicaci\u00f3n"
}
],
"id": "CVE-2021-27420",
"lastModified": "2024-11-21T05:57:57.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-23T20:15:08.310",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://www.gegridsolutions.com/Passport/Login.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-075-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Vendor Advisory"
],
"url": "https://www.gegridsolutions.com/Passport/Login.aspx"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…